Building a Cybersecurity Mesh Architecture in the Real World

Like zero trust, the cybersecurity mesh re-envisions the perimeter at the identity layer and centers upon unifying disparate security tools into a single, interoperable ecosystem.

The past two years' events have taught us all just how important it is to stay agile and flexible. We've experienced a more challenging threat landscape as well as expanding attack surfaces. These challenges have come with accelerated cloud transformation and the dissolution of traditional corporate network perimeters and distributed workforces. As a result, there's growing interest in security strategies emphasizing security controls that span widely distributed assets — including multicloud ecosystems.

One such strategy that's currently generating quite a bit of buzz is cybersecurity mesh architecture (CSMA).

The term "cybersecurity mesh" was coined by analyst firm Gartner, which called CSMA one of the top strategic technology trends of 2022. Gartner defines cybersecurity mesh architecture as a "common, broad and unified approach … [that] extend[s] security beyond enterprise perimeters." In Gartner's view, CSMA focuses on composability, scalability, and interoperability to create a collaborative ecosystem of security tools. Somewhat optimistically, Gartner predicts that "organizations adopting a cybersecurity mesh architecture to integrate security tools to work as a cooperative ecosystem will reduce the financial impact of individual security incidents by an average of 90% by 2024."

Like zero trust, the cybersecurity mesh model is well suited for today's cloud applications and workloads since it re-envisions the perimeter at the identity layer and centers upon unifying disparate security tools into a holistic, interoperable ecosystem.

The emphasis on composability, scalability, and interoperability means that CSMA can move security teams from managing fragmented, individually configured services to deploying best-of-breed solutions that work together to mature the organization's security posture. To achieve this end, though, multiple vendors will need to adopt open, standards-based approaches to interoperability.

As the concept of CSMA becomes more and more popular, however, questions remain. Will organizations invest in zero trust and CSMA side by side as they advance along the path to modernization? Both approaches are, after all, complementary, and building a resilient CSMA will enable an organization to achieve zero trust objectives. And do enough best-of-breed solutions exist that can integrate successfully to deliver the outcomes enterprises want from CSMA in the real world?

The idea of the cybersecurity mesh relies on assumptions about how widely available truly composable security services really are. These solutions feature an architecture designed to scale in a more agile fashion through an API-first approach — enabling flexibility and multicloud ecosystem management. CSMA also calls for common frameworks for everything from analytics to threat intelligence and security controls that can communicate via APIs.

An effective mesh architecture will also demand stronger, centralized policy management and governance. It'll be essential to orchestrate better least-privilege access policies, which organizations can achieve by using a centralized policy management engine in conjunction with distributed enforcement. Security leaders must apply artificial intelligence/machine learning-based policies at the identity layer and extend these policies across the entirety of the access path — from device or endpoint to workload or application — to create integrated security out of an array of individual components.

Although CSMA remains more of a concept than an architecture at this point, there are three ways that security leaders can begin thinking about how to start deriving value.

Look to Deploy Composable Cybersecurity Technologies
On average, every large organization runs 47 different cybersecurity tools within its environment, leaving security teams to spend unsustainable amounts of time and effort managing complex, unwieldy integrations. By taking an API-first and standards-based approach, organizations can make everything a service. This way, security tools can talk to one another, sharing context and risk intelligence.

While open standards have seen increased adoption in many other areas of IT, the cybersecurity industry has lagged behind. Stakeholders across the industry need to work together to ensure that risk, identity context, usage, and other telemetries are effortlessly consumable across different solutions. This way, for instance, the secure email gateway can "talk" to the network firewall, and both can inform authentication decisions.

Centralize Policy Management Across All Your Security Tools
This isn't simple. It will take a concerted effort to consolidate all security policies, including identity and access policies, in your environment and additional work to streamline this across multiple security tools. You'll need to incorporate a central policy engine that can decide whether to grant, deny, or revoke access to resources for entities across the organization. And you'll need to ensure that your organization administers and enforces these policies across every device and resource in the environment, no matter how widely distributed they may be.
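The two preceding sections describe the pattern in the abstract: tools such as an email gateway and a firewall emit risk context in a shared format, a single policy engine consumes that context and decides whether to grant, deny, or revoke access, and distributed enforcement points apply the decision without deciding on their own. The following Python sketch is an added illustration of that pattern, not code from the article or from any vendor product. The adapter functions, the severity values, the corroboration bonus and the per-sensitivity thresholds are all assumptions chosen for the example, and the telemetry it ingests is constructed sample data.

```python
"""Central policy decision point with distributed enforcement (illustrative)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Decision(Enum):
    GRANT = "grant"
    DENY = "deny"
    REVOKE = "revoke"  # an existing session is torn down because risk has risen


@dataclass(frozen=True)
class Signal:
    """Risk telemetry normalised into one vendor-neutral schema (assumed here)."""
    source: str    # tool that produced it: "email_gateway", "firewall", ...
    subject: str   # user or device the signal is about
    kind: str      # neutral event name, not the vendor's own wording
    severity: int  # 0 (informational) .. 100 (confirmed compromise)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device: str
    resource: str
    high_sensitivity: bool
    active_session: bool = False


# Adapters: each tool's native event shape (constructed) -> the common Signal.
def from_email_gateway(raw: Dict) -> Signal:
    sev = {"clicked_malicious_link": 45, "reported_phish": 10}[raw["verdict"]]
    return Signal("email_gateway", raw["recipient"], raw["verdict"], sev)


def from_firewall(raw: Dict) -> Signal:
    sev = 60 if raw["dst_reputation"] == "malicious" else 5
    return Signal("firewall", raw["host"], "outbound_to_" + raw["dst_reputation"], sev)


class PolicyEngine:
    """The one place that decides; enforcement points only ask and apply."""

    def __init__(self) -> None:
        self._signals: List[Signal] = []

    def ingest(self, signal: Signal) -> None:
        self._signals.append(signal)

    def risk_score(self, *subjects: str) -> int:
        """Highest severity seen for any subject, raised when independent tools
        corroborate each other (the benefit of sharing context across tools)."""
        relevant = [s for s in self._signals if s.subject in subjects]
        if not relevant:
            return 0
        score = max(s.severity for s in relevant)
        corroborating = {s.source for s in relevant if s.severity >= 40}
        if len(corroborating) >= 2:
            score += 20  # assumed bonus for two independent sources agreeing
        return min(score, 100)

    def decide(self, req: AccessRequest) -> Decision:
        score = self.risk_score(req.user, req.device)
        # Least privilege: a tighter threshold for sensitive resources (assumed values).
        limit = 50 if req.high_sensitivity else 80
        if score < limit:
            return Decision.GRANT
        return Decision.REVOKE if req.active_session else Decision.DENY


class EnforcementPoint:
    """A distributed enforcement point (app gateway, VPN, API proxy): applies, never decides."""

    def __init__(self, name: str, engine: PolicyEngine) -> None:
        self.name, self.engine, self.log = name, engine, []

    def enforce(self, req: AccessRequest) -> Decision:
        decision = self.engine.decide(req)
        self.log.append(f"{self.name}: {req.user}@{req.device} -> {req.resource}: {decision.value}")
        return decision


def build_demo_engine() -> PolicyEngine:
    """Engine loaded with constructed sample telemetry from two different tools."""
    engine = PolicyEngine()
    engine.ingest(from_email_gateway({"recipient": "alice", "verdict": "clicked_malicious_link"}))
    engine.ingest(from_firewall({"host": "laptop-17", "dst_reputation": "malicious"}))
    engine.ingest(from_email_gateway({"recipient": "carol", "verdict": "clicked_malicious_link"}))
    return engine


if __name__ == "__main__":
    pep = EnforcementPoint("app-gateway", build_demo_engine())
    for req in (
        AccessRequest("alice", "laptop-17", "payroll", high_sensitivity=True),
        AccessRequest("alice", "laptop-17", "wiki", high_sensitivity=False, active_session=True),
        AccessRequest("bob", "desktop-3", "wiki", high_sensitivity=False),
        AccessRequest("carol", "desktop-9", "payroll", high_sensitivity=True),
    ):
        pep.enforce(req)
    print("\n".join(pep.log))
```

Two design points carry the article's argument. First, the engine never sees a vendor's native event; the adapters translate into one schema, so adding a third tool means adding an adapter, not changing policy. Second, the firewall's finding about the device and the email gateway's finding about the user are each below the threshold on their own, but together they push Alice's access to payroll to a deny and revoke her existing low-sensitivity session, which is exactly the cross-tool context sharing a mesh is meant to enable. A real deployment would replace the in-memory list with a telemetry bus and have each enforcement point call the engine over an API.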

Establish KPIs and Track Them
This is the only way to ensure that the components of your CSMA genuinely work well together and deliver the intended results. Your organization should identify which metrics are essential to track and report, while keeping in mind that there may be multiple levels of KPIs to address. For example, a CISO may wish to report specific KPIs at the board level to show the CSMA strategy is impacting business outcomes — while individual teams will need to measure separate KPIs to assess security posture and overall cyber resiliency.

Current trends like the large-scale adoption of remote work and increasing reliance on hybrid and multicloud infrastructures won't reverse themselves anytime soon. To meet the modern enterprise's ever-growing requirements for agility, security leaders must carefully examine their existing security infrastructure to find opportunities to bring previously siloed solutions together. Whether this will become known as CSMA or simply "enhanced interoperability and efficiency" in the months and years to come remains to be seen, but the need is pressing.